June 27, 2019
The Canadian financial institution Desjardins was the victim of an insider threat resulting in the data of 2.9 million customers being exposed. The leaked information included names, addresses, birth dates, social insurance numbers, email addresses and information about transaction habits.
Desjardins is the largest federation of credit unions in North America, with outlets across Quebec and Ontario. The data breach affects around 2.7 million people and 173,000 businesses.
Desjardins CEO and president Guy Cormier said the security breach was not the result of a cyberattack, but the work of an employee who improperly accessed and shared the information. He was arrested by Laval police but has not yet been charged.
“When just one employee, reportedly acting without acolytes, has an uncontrollable access to such a huge amount of confidential data and even manages to take it away, there is reason to believe that some of the internal security controls are broken. Human factor remains the largest and probably the most dangerous risk than cannot be fully remediated. Most companies considerably underestimate human risk and then face disastrous consequences.”
The latter is a five-year forecast that covers 2019 through 2024. These reports showed where growth lies within the cloud security market and what challenges are presented to businesses who use or are looking to use cloud services.
The 2019 Cloud Security Report showed the drive behind why the market is experiencing such large growth, as 64 percent of respondents said data loss and leakage is their top cloud security concern.
The biggest perceived vulnerabilities to cloud security are unauthorized access through misuse of employee credentials and improper access controls accounts, and insecure interfaces and APIs accounts. Both individually accounted for 42 percent of the perceived vulnerabilities.
Insider threat has become one the biggest risks to businesses globally, accounting for 64% of security breaches today. With the average cost to resolve insider-related incidents reaching $2.08m per incident, it should come as no surprise that organizations are beginning to invest heavily in employee monitoring technology.
While the average employee of a US-based company accepts the fact that nearly all of their virtual activity in the workplace may be monitored, they expect a certain level of privacy in their personal life.
Yet as the world becomes increasingly digital, massive amounts of publicly available data about employee’s lives outside of the workplace is now available to employers and can be used to detect anomalous activity, which may adversely affect the employee, other employees and/or the workplace.
While seemingly controversial, detecting concerning or otherwise anomalous activity outside the workplace can inform a company that an employee may need assistance in a variety of forms, even if it is just someone to talk to about on-going personal issues unrelated to work.